Univention Bugzilla – Bug 31081
postgres user blocked: breaks automatic maintenance
Last modified: 2018-11-28 12:10:42 CET
/etc/postgres/8.4/main/pg_hba.conf is created from the multifile UCR templates 00-pg_hba.conf and 99-pg_hba.conf, where packages can insert their additions. The split of the header and footer is wrong, since 99 starts with: # DO NOT DISABLE! # If you change this first entry you will need to make sure that the # database # super user can access the database using some other method. # Noninteractive # access to all databases is required during automatic maintenance # (custom daily cronjobs, replication, and similar tasks). # # Database administrative login by UNIX sockets local all postgres ident This must be before all further entries, because otherwise the postgres UNIX user is blocked from accessing all databases for maintenance tasks. It should be moved from 99-pg_hba.conf to 00-pg_hba.conf to guarantee proper working. The order of the entries is important (see Bug #16254), so any addition before that entry might disable access. This is for example done by repo-ng, which inserts local buildsystem all pam This prevents the postgres user to connect to that database, breaking backups for example. On a second note: /etc/univention/templates/files/etc/cron.d/postgresql can be removed, since PostgreSQL-8.4 does an auto vacuum. The referenced file /usr/lib/postgresql/bin/do.maintenance is no longer installed, so the cron-job does nothing.
Still wrong with UCS-4.2
[4.3-2 69fc50f91e] Bug #31081: Ensure postgres user is at the top of pg_hba.conf [4.3-2 f3ebb62273] Bug #31081: YAML Package: univention-postgresql Version: 10.0.1-4A~4.3.0.201811271006 Branch: ucs_4.3-0 Scope: errata4.3-2
OK: 69fc50f91e OK: f3ebb62273 OK: errata-announce -V --only univention-postgresql.yaml FIXED: 51b8627bc1 + * The rule for the PostgreSQL superuser has been moved to the beginning + of `pg_hba.conf` to always grant access to that internal user. This is + required for automatic maintenance and similar tasks. +bug: [..., 31081] OK: univention-install univention-postgresql{,-9.6}=10.0.1-4A~4.3.0.201811271006 OK: su -c psql postgres
<http://errata.software-univention.de/ucs/4.3/341.html>